クライアントの設定
root@OpenWrt:/etc# cat openwrt_version
10.03.1-RC6
root@OpenWrt:/etc# cd config/
root@OpenWrt:/etc/config# ls
dhcp firewall network system uhttpd
dropbear luci network.orig ucitrack wireless
root@OpenWrt:/etc/config# for file in `ls`
> do
> echo $file
> echo --------
> cat $file
> echo --------
> done
dhcp
--------
config 'dnsmasq'
option 'boguspriv' '1'
option 'localise_queries' '1'
option 'expandhosts' '1'
option 'authoritative' '1'
option 'readethers' '1'
option 'leasefile' '/tmp/dhcp.leases'
option 'resolvfile' '/tmp/resolv.conf.auto'
option 'local' '192.168.1.28,192.168.1.29,192.168.1.30'
option 'domain' 'hirasawa.local'
option 'rebind_protection' '0'
config 'dhcp' 'lan'
option 'interface' 'lan'
option 'ignore' '1'
config 'dhcp' 'wan'
option 'interface' 'wan'
option 'ignore' '1'
--------
dropbear
--------
config dropbear
option PasswordAuth 'on'
option Port '22'
# option BannerFile '/etc/banner'
--------
firewall
--------
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name lan
option input ACCEPT
option output ACCEPT
option forward REJECT
config zone
option name wan
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
config forwarding
option src lan
option dest wan
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
option src wan
option proto udp
option dest_port 68
option target ACCEPT
#Allow ping
config rule
option src wan
option proto icmp
option icmp_type echo-request
option target ACCEPT
# include a file with users custom iptables rules
config include
option path /etc/firewall.user
### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
# option src lan
# option src_ip 192.168.45.2
# option dest wan
# option proto tcp
# option target REJECT
# block a specific mac on wan
#config rule
# option dest wan
# option src_mac 00:11:22:33:44:66
# option target REJECT
# block incoming ICMP traffic on a zone
#config rule
# option src lan
# option proto ICMP
# option target DROP
# port redirect port coming in on wan to lan
#config redirect
# option src wan
# option src_dport 80
# option dest lan
# option dest_ip 192.168.16.235
# option dest_port 80
# option proto tcp
### FULL CONFIG SECTIONS
#config rule
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 80
# option dest wan
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
# option target REJECT
#config redirect
# option src lan
# option src_ip 192.168.45.2
# option src_mac 00:11:22:33:44:55
# option src_port 1024
# option src_dport 80
# option dest_ip 194.25.2.129
# option dest_port 120
# option proto tcp
--------
luci
--------
config 'core' 'main'
option 'lang' 'auto'
option 'mediaurlbase' '/luci-static/openwrt.org'
option 'resourcebase' '/luci-static/resources'
config 'extern' 'flash_keep'
option 'uci' '/etc/config/'
option 'dropbear' '/etc/dropbear/'
option 'openvpn' '/etc/openvpn/'
option 'passwd' '/etc/passwd'
option 'opkg' '/etc/opkg.conf'
option 'firewall' '/etc/firewall.user'
option 'uploads' '/lib/uci/upload/'
config 'internal' 'languages'
option 'en' 'English'
config 'internal' 'sauth'
option 'sessionpath' '/tmp/luci-sessions'
option 'sessiontime' '3600'
config 'internal' 'ccache'
option 'enable' '1'
config 'internal' 'template'
option 'compiler_mode' 'memory'
option 'compiledir' '/tmp/luci-templatecache'
config 'internal' 'themes'
option 'OpenWrt' '/luci-static/openwrt.org'
--------
network
--------
config 'interface' 'loopback'
option 'ifname' 'lo'
option 'proto' 'static'
option 'ipaddr' '127.0.0.1'
option 'netmask' '255.0.0.0'
config 'interface' 'lan'
option 'ifname' 'eth0'
option 'type' 'bridge'
option 'proto' 'static'
option 'netmask' '255.255.255.0'
option 'ipaddr' '192.168.1.194'
option 'gateway' '192.168.1.1'
option 'broadcast' '255.255.255.0'
list 'dns' '192.168.1.28'
list 'dns' '192.168.1.29'
list 'dns' '192.168.1.30'
config 'interface' 'wan'
option 'ifname' 'eth1'
option 'proto' 'dhcp'
--------
network.orig
--------
config interface loopback
option ifname lo
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
config interface lan
option ifname eth0
option type bridge
option proto static
option ipaddr 192.168.1.1
option netmask 255.255.255.0
config interface wan
option ifname eth1
option proto dhcp
--------
system
--------
config system
option hostname OpenWrt
option timezone UTC
config rdate
list server ac-ntp0.net.cmu.edu
list server ptbtime1.ptb.de
list server ac-ntp1.net.cmu.edu
list server ntp.xs4all.nl
list server ptbtime2.ptb.de
list server cudns.cit.cornell.edu
list server ptbtime3.ptb.de
--------
ucitrack
--------
config network
option init network
list affects dhcp
config wireless
list affects network
config firewall
option init firewall
list affects luci-splash
list affects qos
config olsr
option init olsrd
config dhcp
option init dnsmasq
config dropbear
option init dropbear
config httpd
option init httpd
config fstab
option init fstab
config qos
option init qos
config system
option init led
list affects luci_statistics
config luci_splash
option init luci_splash
config upnpd
option init miniupnpd
config ntpclient
option init ntpclient
config samba
option init samba
config tinyproxy
option init tinyproxy
--------
uhttpd
--------
# Server configuration
config uhttpd main
# HTTP listen addresses, multiple allowed
list listen_http 0.0.0.0:80
# list listen_http [::]:80
# HTTPS listen addresses, multiple allowed
list listen_https 0.0.0.0:443
# list listen_https [::]:443
# Server document root
option home /www
# Certificate and private key for HTTPS.
# If no listen_https addresses are given,
# the key options are ignored.
option cert /etc/uhttpd.crt
option key /etc/uhttpd.key
# CGI url prefix, will be searched in docroot.
# Default is /cgi-bin
option cgi_prefix /cgi-bin
# Lua url prefix and handler script.
# Lua support is disabled if no prefix given.
# option lua_prefix /luci
# option lua_handler /usr/lib/lua/luci/sgi/uhttpd.lua
# CGI/Lua timeout, if the called script does not
# write data within the given amount of seconds,
# the server will temrinate the request with
# 504 Gateway Timeout response.
option script_timeout 60
# Basic auth realm, defaults to local hostname
# option realm OpenWrt
# Configuration file in busybox httpd format
# option config /etc/httpd.conf
# Certificate defaults for px5g key generator
config cert px5g
# Validity time
option days 730
# RSA key size
option bits 1024
# Location
option country DE
option state Berlin
option location Berlin
# Common name
option commonname OpenWrt
--------
wireless
--------
config 'wifi-device' 'radio0'
option 'type' 'mac80211'
option 'macaddr' '00:22:cf:00:e7:9b'
option 'hwmode' '11ng'
option 'htmode' 'HT20'
list 'ht_capab' 'SHORT-GI-40'
list 'ht_capab' 'DSSS_CCK-40'
option 'channel' '6'
option 'txpower' '20'
option 'country' 'JP'
config 'wifi-iface'
option 'device' 'radio0'
option 'network' 'lan'
option 'ssid' 'OpenWrt1'
option 'key' 'xxxxxxxxxxx'
option 'mode' 'sta'
option 'wds' '1'
option 'encryption' 'psk2'
--------
root@OpenWrt:/etc/config#
